import org.opendaylight.controller.md.sal.binding.api.DataBroker;
import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
+import org.opendaylight.groupbasedpolicy.renderer.util.AddressEndpointUtils;
import org.opendaylight.groupbasedpolicy.renderer.vpp.event.NodeOperEvent;
import org.opendaylight.groupbasedpolicy.renderer.vpp.event.RendererPolicyConfEvent;
+import org.opendaylight.groupbasedpolicy.renderer.vpp.iface.AclManager;
import org.opendaylight.groupbasedpolicy.renderer.vpp.util.KeyFactory;
import org.opendaylight.groupbasedpolicy.util.IidFactory;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.endpoints.address.endpoints.AddressEndpointKey;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.has.absolute.location.absolute.location.location.type.ExternalLocationCase;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.has.rule.group.with.renderer.endpoint.participation.RuleGroupWithRendererEndpointParticipation;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.RendererPolicy;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.RendererPolicyBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.endpoints.AddressEndpointWithLocation;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.endpoints.RendererEndpointKey;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.endpoints.renderer.endpoint.PeerEndpoint;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.rule.groups.RuleGroupKey;
import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.NodeId;
import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.topology.Node;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
private static final Logger LOG = LoggerFactory.getLogger(VppRendererPolicyManager.class);
private final DataBroker dataProvider;
private ForwardingManager fwManager;
+ private final AclManager aclManager;
- public VppRendererPolicyManager(@Nonnull ForwardingManager fwManager, @Nonnull DataBroker dataProvider) {
+ public VppRendererPolicyManager(@Nonnull ForwardingManager fwManager, @Nonnull AclManager aclManager,
+ @Nonnull DataBroker dataProvider) {
this.fwManager = Preconditions.checkNotNull(fwManager);
this.dataProvider = Preconditions.checkNotNull(dataProvider);
+ this.aclManager = Preconditions.checkNotNull(aclManager);
}
@Subscribe
RendererPolicyBuilder responseBuilder = new RendererPolicyBuilder();
switch (event.getDtoModificationType()) {
case CREATED:
- LOG.trace("CREATED : {}", event.getIid());
+ LOG.debug("CREATED : {}", event.getIid());
responseBuilder.setVersion(event.getAfter().get().getVersion());
rendererPolicyCreated(event.getAfter().get());
break;
case UPDATED:
- LOG.trace("UPDATED: {}", event.getIid());
+ LOG.debug("UPDATED: {}", event.getIid());
RendererPolicy rPolicyBefore = event.getBefore().get();
RendererPolicy rPolicyAfter = event.getAfter().get();
responseBuilder.setVersion(rPolicyAfter.getVersion());
}
break;
case DELETED:
- LOG.trace("DELETED: {}", event.getIid());
+ LOG.debug("DELETED: {}", event.getIid());
responseBuilder.setVersion(event.getBefore().get().getVersion());
rendererPolicyDeleted(event.getBefore().get());
break;
@Override
public void onSuccess(Void result) {
- LOG.debug("Renderer updated renderer policy {}", response);
+ LOG.info("Renderer updated renderer policy to version {}", response.getVersion());
}
@Override
public void onFailure(Throwable t) {
- LOG.warn("Renderer DIDN'T update renderer-policy {}", response);
+ LOG.warn("Renderer failed to update renderer-policy to version {}", response.getVersion());
}
});
}
private void rendererPolicyUpdated(RendererPolicy rPolicyBefore, RendererPolicy rPolicyAfter) {
PolicyContext policyCtxBefore = new PolicyContext(rPolicyBefore);
PolicyContext policyCtxAfter = new PolicyContext(rPolicyAfter);
-
MapDifference<String, Collection<NodeId>> vppNodesByL2FlDiff =
createDiffForVppNodesByL2Fd(policyCtxBefore, policyCtxAfter);
SetMultimap<String, NodeId> removedVppNodesByL2Fd = HashMultimap.create();
ImmutableSet<RendererEndpointKey> rendEpsAfter = policyCtxAfter.getPolicyTable().rowKeySet();
SetView<RendererEndpointKey> removedRendEps = Sets.difference(rendEpsBefore, rendEpsAfter);
- LOG.trace("Removed renderer endpoints {}", removedRendEps);
+ LOG.debug("Removed renderer endpoints {}", removedRendEps);
removedRendEps.forEach(rEpKey -> fwManager.removeForwardingForEndpoint(rEpKey, policyCtxBefore));
- LOG.trace("Removed bridge domains on nodes {}", removedVppNodesByL2Fd);
- LOG.trace("Created bridge domains on nodes {}", createdVppNodesByL2Fd);
+ LOG.debug("Removing bridge domains on nodes {}", removedVppNodesByL2Fd);
fwManager.removeBridgeDomainOnNodes(removedVppNodesByL2Fd);
+ LOG.debug("Creating bridge domains on nodes {}", createdVppNodesByL2Fd);
fwManager.createBridgeDomainOnNodes(createdVppNodesByL2Fd);
+ fwManager.syncNatEntries(policyCtxAfter);
+
SetView<RendererEndpointKey> createdRendEps = Sets.difference(rendEpsAfter, rendEpsBefore);
- LOG.trace("Created renderer endpoints {}", createdRendEps);
+ LOG.debug("Created renderer endpoints {}", createdRendEps);
createdRendEps.forEach(rEpKey -> fwManager.createForwardingForEndpoint(rEpKey, policyCtxAfter));
SetView<RendererEndpointKey> updatedRendEps = Sets.intersection(rendEpsBefore, rendEpsAfter);
- LOG.trace("Updated renderer endpoints {}", updatedRendEps);
+ LOG.debug("Updated renderer endpoints {}", updatedRendEps);
// update forwarding for endpoint
updatedRendEps.forEach(rEpKey -> {
AddressEndpointWithLocation addrEpWithLocBefore =
policyCtxAfter.getAddrEpByKey().get(KeyFactory.addressEndpointKey(rEpKey));
if (isLocationChanged(addrEpWithLocBefore, addrEpWithLocAfter)) {
LOG.debug("Location is changed in endpoint {}", rEpKey);
- LOG.trace("\nLocation before: {}\nLocation after: {}", addrEpWithLocBefore.getAbsoluteLocation(),
+ LOG.debug("\nLocation before: {}\nLocation after: {}", addrEpWithLocBefore.getAbsoluteLocation(),
addrEpWithLocAfter.getAbsoluteLocation());
fwManager.removeForwardingForEndpoint(rEpKey, policyCtxBefore);
fwManager.createForwardingForEndpoint(rEpKey, policyCtxAfter);
}
});
+ updatePolicy(policyCtxBefore, policyCtxAfter);
+ }
+
+ /**
+ * Looks for changed rule groups in {@code policyCtxBefore} and {@code policyCtxAfter}.
+ * Access lists are updated for endpoints in {@code policyCtxAfter} affected by changed rule
+ * groups.
+ *
+ * @param policyCtxBefore policy before
+ * @param policyCtxAfter policy after
+ */
+ private void updatePolicy(PolicyContext policyCtxBefore, PolicyContext policyCtxAfter) {
+ LOG.info("Updating policy by rule groups.");
+ Set<RuleGroupKey> diffRuleGroups = new HashSet<>();
+ diffRuleGroups.addAll(Sets.difference(policyCtxBefore.getRuleGroupByKey().keySet(),
+ policyCtxAfter.getRuleGroupByKey().keySet()));
+ diffRuleGroups.addAll(Sets.difference(policyCtxAfter.getRuleGroupByKey().keySet(), policyCtxBefore.getRuleGroupByKey().keySet()));
+ LOG.trace("Rule groups changed: {} ", diffRuleGroups.size());
+ Set<RendererEndpointKey> updates = new HashSet<>();
+ for (PolicyContext policy : new PolicyContext[] {policyCtxBefore, policyCtxAfter}) {
+ if (policy.getPolicy().getConfiguration() == null
+ || policy.getPolicy().getConfiguration().getRendererEndpoints() == null
+ || policy.getPolicy().getConfiguration().getRendererEndpoints().getRendererEndpoint() == null) {
+ continue;
+ }
+ policy.getPolicy()
+ .getConfiguration()
+ .getRendererEndpoints()
+ .getRendererEndpoint()
+ .stream()
+ .filter(rEp -> !updates.contains(rEp.getKey()))
+ .forEach(rEp -> {
+ for (PeerEndpoint pEp : rEp.getPeerEndpoint()) {
+ for (RuleGroupWithRendererEndpointParticipation rg : pEp
+ .getRuleGroupWithRendererEndpointParticipation()) {
+ if (!diffRuleGroups.contains(
+ new RuleGroupKey(rg.getContractId(), rg.getSubjectName(), rg.getTenantId()))) {
+ continue;
+ }
+ LOG.debug("Updated resolved rule group: {}. Affected endpoints {} and {}.", rg.getKey(), rEp.getKey(), pEp.getKey());
+ updates.add(rEp.getKey());
+ AddressEndpointKey k1 = AddressEndpointUtils.fromPeerEpKey(pEp.getKey());
+ updates.add(AddressEndpointUtils.toRendererEpKey(k1));
+ }
+ }
+ });
+ }
+ for (RendererEndpointKey rEpKey : updates) {
+ aclManager.updateAclsForRendEp(rEpKey, policyCtxAfter);
+ }
}
private static boolean isLocationChanged(AddressEndpointWithLocation before, AddressEndpointWithLocation after) {
SetMultimap<String, NodeId> vppNodesByL2Fd = resolveVppNodesByL2Fd(rEpKeys, policyCtx);
fwManager.createBridgeDomainOnNodes(vppNodesByL2Fd);
-
+ fwManager.syncNatEntries(policyCtx);
rEpKeys.forEach(rEpKey -> fwManager.createForwardingForEndpoint(rEpKey, policyCtx));
}
rEpKeys.forEach(rEpKey -> fwManager.removeForwardingForEndpoint(rEpKey, policyCtx));
SetMultimap<String, NodeId> vppNodesByL2Fd = resolveVppNodesByL2Fd(rEpKeys, policyCtx);
+ fwManager.deleteNatEntries(policyCtx);
fwManager.removeBridgeDomainOnNodes(vppNodesByL2Fd);
}